From owner-freebsd-questions Thu May 1 23:10:37 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id XAA15584 for questions-outgoing; Thu, 1 May 1997 23:10:37 -0700 (PDT)
Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id XAA15576 for ; Thu, 1 May 1997 23:10:35 -0700 (PDT)
Received: by mixcom.mixcom.com (8.6.12/2.2) id BAA23252; Fri, 2 May 1997 01:12:42 -0500
Received: from p75.mixcom.com(198.137.186.25) by mixcom.mixcom.com via smap (V1.3) id sma023240; Fri May 2 01:12:32 1997
Message-Id: <3.0.32.19970502011232.00b8e16c@mixcom.com>
X-Sender: sysop@mixcom.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Fri, 02 May 1997 01:12:32 -0500
To: craig@tuna.progroup.com (Craig W. Shaver)
From: "Jeffrey J. Mountin"
Subject: Re: COME SEE THE HOTTEST scam spam on the net!!!
Cc: questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 01:03 PM 4/27/97 -0700, Craig W. Shaver wrote:
>When you get this kind of email expand the headers, most of the from
>and reply addresses are forged, but the received list should show
>a good ip address. Do a traceroute to each of the addresses, and
>send email to root, postmaster, and abuse at each of the addresses.
>Copy the headers and your traceroutes into your replies.

I don't have the full thread for this, but did anyone mention that the headers can be forged? Only the first 2 lines of the header can be trusted, as they are added by the local sendmail.

Here is the header from this message, as I don't have a truly creative bogus header handy:

Received: by mixcom.mixcom.com (8.6.12/2.2) id PAA14271; Sun, 27 Apr 1997 15:26:51 -0500
Received: from ns3.harborcom.net(206.158.4.7) by mixcom.mixcom.com via smap (V1.3) id sma014261; Sun Apr 27 20:26:41 1997

(everything after this can be pure BS)

Received: from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18]) by ns3.harborcom.net (8.8.5/8.8.4) with ESMTP id QAA10827; Sun, 27 Apr 1997 16:25:47 -0400 (EDT)
Received: from localhost (daemon@localhost) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA26277; Sun, 27 Apr 1997 13:03:12 -0700 (PDT)
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id NAA26254 for questions-outgoing; Sun, 27 Apr 1997 13:03:04 -0700 (PDT)
Received: from seabass.progroup.com (catfish.progroup.com [206.24.122.2]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA26249 for ; Sun, 27 Apr 1997 13:03:00 -0700 (PDT)
Received: from tuna.ProGroup.COM (tuna.progroup.com [206.24.122.5]) by seabass.progroup.com (8.7.5/8.7.3) with SMTP id NAA25931; Sun, 27 Apr 1997 13:01:19 -0700 (PDT)
Received: by tuna.ProGroup.COM (SMI-8.6/SMI-SVR4) id NAA02441; Sun, 27 Apr 1997 13:03:08 -0700
From: craig@tuna.progroup.com (Craig W. Shaver)
Message-Id: <199704272003.NAA02441@tuna.ProGroup.COM>
Subject: Re: COME SEE THE HOTTEST scam spam on the net!!!
To: tomdean@ix.netcom.com
Date: Sun, 27 Apr 1997 13:03:08 -0700 (PDT)
Cc: questions@freebsd.org
In-Reply-To: <3363715E.156@ix.netcom.com> from "Thomas D. Dean" at Apr 27, 97 08:31:42 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk
X-UIDL: 8c32cdb617d4289c6d5d1b1df50af7c8

-------------------------------------------
Jeff Mountin - System/Network Administrator
jeff@mixcom.net
MIX Communications
Serving the Internet since 1990
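
Added example (not part of the original message or thread): one way to apply the rule above mechanically, finding where the Received lines stop being stamped by your own mail hosts and which peer address your host logged at that handoff. The function name trust_boundary and the parameters local_mtas and local_ips are hypothetical; the sample reuses the first four Received lines of the header quoted in the message, with constructed From/Subject lines and body.

```python
import re
from email import message_from_string

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def trust_boundary(raw, local_mtas, local_ips=()):
    """Return (trusted, unverifiable, peer_ip) for a message's Received lines.
    Walk top-down. A line counts only while it is stamped "by" one of our own
    MTAs (local_mtas, an assumed site-specific set). The first such line whose
    peer address is not in local_ips is the handoff from outside; every line
    beneath it was supplied by the sending side and may be forged.
    """
    hops = [" ".join(v.split())
            for v in message_from_string(raw).get_all("Received", [])]
    trusted, peer_ip = [], None
    for hop in hops:
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in local_mtas:
            break
        trusted.append(hop)
        if hop.lower().startswith("from "):
            ip = IP_RE.search(hop[:by.start()])   # address our MTA logged
            if ip is None or ip.group(0) not in local_ips:
                peer_ip = ip.group(0) if ip else None
                break
    return trusted, hops[len(trusted):], peer_ip

# First four Received lines of the header quoted in the message, re-folded;
# the From/Subject lines and the body are constructed.
SAMPLE = """\
Received: by mixcom.mixcom.com (8.6.12/2.2) id PAA14271;
\tSun, 27 Apr 1997 15:26:51 -0500
Received: from ns3.harborcom.net(206.158.4.7) by mixcom.mixcom.com
\tvia smap (V1.3) id sma014261; Sun Apr 27 20:26:41 1997
Received: from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18])
\tby ns3.harborcom.net (8.8.5/8.8.4) with ESMTP id QAA10827;
\tSun, 27 Apr 1997 16:25:47 -0400 (EDT)
Received: from localhost (daemon@localhost) by hub.freebsd.org
\t(8.8.5/8.8.5) with SMTP id NAA26277; Sun, 27 Apr 1997 13:03:12 -0700 (PDT)
From: sender@example.invalid
Subject: constructed sample

body
"""

if __name__ == "__main__":
    trusted, unverifiable, peer = trust_boundary(SAMPLE, {"mixcom.mixcom.com"})
    print("peer logged by our MTA:", peer, "| unverifiable:", len(unverifiable))
```

Because the walk stops at the first handoff from an outside address, a forged line further down that claims to be "by" a local host still lands in the unverifiable list.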